Cross site scripting
An XSS vulnerability was found in html-page =2.1.1 that allows malicious JavaScript code to be executed in the user's browser because paths are not sanitized before rendering...
CVE-2018-16484
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping of special characters in folder names...
Bose Soundtouch 18.1.4 Cross Site Scripting
CWE-80 XSS, Bose Soundtouch App. Internal reference: -. Vulnerability type: Cross-Site Scripting (CWE-80). Vulnerable version: 18.1.4, and possibly older versions too (not tested). Vulnerable component: iOS frontend of the application. Report confidence: Unconfirmed. Solution status: Could be fixed by vendor?...
Soundtouch App Cross-Site Scripting Vulnerability
Soundtouch App is mobile setup software for music speakers. A cross-site scripting vulnerability exists in Soundtouch App. An attacker can exploit the vulnerability to execute malicious JavaScript code in the user's context...
jolokia: Cross site scripting in the HTTP servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser...
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why
Google Chrome is the most popular web browser and has been for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the "headless mode" feature that Google released more than a year ago and which, since day one, has become very...
CVE-2018-12241
The Symantec Security Analytics (SA) 7.x Web UI prior to 7.3.4 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks...
SAP Fiori Client Code Execution Vulnerability
SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A code execution vulnerability exists in SAP Fiori Client that can be exploited by an attacker to execute malicious JavaScript code in an embedded log reader...
CVE-2018-2491
When opening a deep link URL in SAP Fiori Client with the log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code, it can eventually run inside the application's built-in log viewer if the user opens the viewer and taps on the...
Design/Logic Flaw
When opening a deep link URL in SAP Fiori Client with the log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code, it can eventually run inside the application's built-in log viewer if the user opens the viewer and taps on the...
Reflected XSS in Firefox in check endpoint
When an invalid check name is passed as a parameter to the endpoint where the easymon routes are mounted, a 406 response is returned whose body contains the invalid check name unescaped. Malicious JavaScript can be injected into that invalid name and executed in Firefox...
Cross-Site Scripting
Overview: Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. The vulnerability exists because exceljs does not validate data from a parsed XLSX file and allows HTML tags to be embedded directly in sheet cells. Because of this it is possible to inject malicious JavaScript code...
XSS vulnerability in free version of S-CMS hospital website builder system
The S-CMS hospital website builder system is developed in ASP with Access/MSSQL; it is easy to operate, convenient, and supports PC, mobile and WeChat. There is a cross-site scripting vulnerability in the S-CMS hospital website builder system. An attacker can insert malicious JS code into the page to obtain user cookies and...
Stored Cross-Site Scripting Vulnerability in "I want to submit a paper" in the background of Daimi CMS
Daimi CMS is an all-in-one system that integrates PC and mobile site building. A stored cross-site scripting vulnerability exists in the "I want to submit" section of the Daimi CMS backend. An attacker can insert malicious JS code into the page to obtain user cookies and other...
AjentiCP Cross-Site Scripting Vulnerability
AjentiCP is a hosting management panel. A cross-site scripting vulnerability exists in AjentiCP 1.2.23.13 and earlier versions. A remote attacker can exploit this vulnerability to execute malicious JavaScript code in a user's browser...
Cross site scripting
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious...
Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns
Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...
Staying Safe in the Era of Browser-based Cryptocurrency Mining
Qualys Malware Research Labs is announcing the release of the Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking. Cryptojacking: cryptojacking attacks leverage the victim system's resources via malicious JavaScript to mine certai...